package com.lut.edu.apm.webCenter.config;

import com.lut.edu.apm.webCenter.service.impl.LogoutService;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @author Zhao Suzhen
 * @date `2024/6/4`
 */

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableMethodSecurity
public class SecurityConfig {


    /**
     * AuthConfig中自定义的bean
     */
    private final AuthenticationProvider authenticationProvider;

    private final JwtFilter jwtFilter;

    private final LogoutService logoutService;

    private final MyAccessDeniedHandler myAccessDeniedHandler;


    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf()//关闭session
                .disable()
                .authorizeHttpRequests()
                .requestMatchers("/", "/index", "/managLogin", "/manag/**", "/productManag","/userShow").permitAll()
                .requestMatchers("/commodity/**", "/queryOrder/**", "/pay/**", "/product/**").permitAll()
                .requestMatchers("/message/**", "/user/**").permitAll()
                .requestMatchers("/css/**", "/js/**", "/img/**", "/element_ui/**", "/mp3/**", "/favicon.ico").permitAll()
                .anyRequest()
                .authenticated()//  剩下的请求都需要拦截
                .and()
                .exceptionHandling()
                .accessDeniedHandler(myAccessDeniedHandler) //  配置无权访问的处理
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authenticationProvider(authenticationProvider)//  使用我们自定义的权限查询校验方法
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class) //  配置请求拦截
                .logout()
                .logoutUrl("/manag/logout") //   配置登出路径
                .addLogoutHandler(logoutService)
                .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()) // 登出后清楚请求的上下文，也就是用户信息
                .and()
                .formLogin(form -> form.loginPage("/managLogin")
                        //处理前端跳转页面，要跟form表单里的action相同
//                        .loginProcessingUrl("/apm/productManag")
                        .passwordParameter("password")
                        .usernameParameter("username")) // 添加登录表单支持，用于处理/productManag访问时的跳转
        ;

        return http.build();
    }
}

